MDVSA-2009:043

Problembeschreibung

Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute arbitrary
code via Python scripting in the current Gnumeric working directory
(CVE-2009-0318).